Top 8 in ’08

Year-end lists are quite popular at this time of the year — here’s our own top threats in 2008.

Most Prolific: Mass Compromises
Attacks were targeted to a specific group of users and were targeted at popular Web sites. Diverse Web sites — entertainment, political, online shopping, social networking — were all used to spread malware. Compromises were at its height in May, when Web sites from around the world were injected with malicious codes to infect unknowing Internet users. This trend, unfortunately, seems to be continuing at a pace that defies the imagination.

Most Persistent: Botnets
Botnets are resident evils, and they’re always there. Giants like Storm, Kraken, Mega-D/Odzok, MayDay, and ASProx — all created ripples throughout 2008, remaining consistently on the radar of botnet researchers. The shutdown of McColo, a major cyber crime hoster in November, only temporarily deterred bot masters from looking for alternative means to proliferate.

Largest Distribution Campaign: Fake AV
“Rogue AV” software has two functions: they convince users that they are infected with malware by faking infection symptoms, and lure users into purchasing a fake antivirus programs to clean the fake infection. These threats use a variety of arrival and infection channels, from spam to mass SEO poisoning, involving several compromised Web sites.

Most Untraceable: DNS Changers
Two DNS changing malware detected by Trend Micro as TROJ_AGENT.NDT and BKDR_AGENT.CAHZ poison other hosts on the local subnet by installing a rogue Dynamic Host Configuration Protocol (DHCP) server on the network. These malware monitor traffic and intercept request packets from other computers in the network. They reply to intercepted requests with packets containing malicious DNS servers causing the recipients of the malicious packets to be redirected to malicious sites without their consent.

Most Automated: Exploits
A .DLL worm, WORM_DOWNAD.A, which exploits the MS08-067 vulnerability, and exhibited routines that led security analysts to postulate that it is a key component in the development of a new botnet. More than 500,000 unique hosts spread across different countries have since been discovered to have fallen victim to this threat.

A zero-day bug in Internet Explorer also prominently featured in at least two massive online threats: an information stealing campaign and a mass SQL injection attack on some 6,000 websites. Cyber criminals are able to exploit these bugs with very minimal user interaction, if none at all.

Most Technologically Advanced: Rootkits
The MBR (Master Boot Record) rootkit threat made waves early in 2008. Trend Micro detects the rootkit as TROJ_SINOWAL.AD. It looks for the bootable partition of the affected system and creates a new malicious MBR that loads the rootkit component, detected as RTKT_AGENT.CAV. It is then saved in an arbitrary sector within the bootable partition.

Most Destructive: Ransomware
A new version of the GPcode ransomware, which Trend Micro detects as TROJ_RANDSOM.A, surfaced in November. It searches and encrypts files found on any readable and writable drive on the system, rendering them inaccessible without the encryption key. Victims are informed that a decrypting tool must be purchased to decrypt the files. This is done through a text file dropped in each folder containing an encrypted file.

Most Irritating: AUTORUN Malware
Removable and physical drives are the fourth highest source of infection globally. Of the total infection number in Asia and Australia, 15% are from malware borne by removable drives. Most Asian countries have AUTORUN malware as their top infector and the top malware infecting PCs in Europe, Middle East and Africa (EMEA) also include several AUTORUN malware. They are so successful in propagation that they have also infiltrated the NASA and the U.S. Department of Defense networks.

News of pre-shipped malware on USBs also didn’t die down. The most recent product to be reported carrying worms is HP’s Proliant USB Keys.

The Trend Micro Smart Protection Network secures PCs and keeps them safe from all of these threats by filtering malicious spam, blocking dangerous URLs, and detecting malware and providing solutions for their cleanup and removal.

Security Predictions for 2020

Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.Read our security predictions for 2020.

Business Process Compromise

Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more,
read our Security 101: Business Process Compromise.